Starting the Transaction server Docker container by retrieving parameters from Vault
Learn about how to start Transaction server Docker container by specifying
CONFIGURE_MODE=Vault.
Mandatory parameters
These are the mandatory parameters that you need to specify to configure the container to retrieve more parameters from Vault.
| Parameter name (key) | Value | Configuration |
|---|---|---|
| TENANT | The name of the group that contains your set of environments. For example, MyCompany. | Container environment variable |
| ENVIRONMENT | The name of the environment. For example, Non-production. | Container environment variable |
| ENVTYPE | The environment type. Accepted values are auth and live. | Container environment variable |
| VAULT_TOKEN | The Vault token to use to connect to Vault and request certification from Vault PKI. | Container environment variable |
| VAULT_URL | The Vault URL to use to connect to Vault and request certification from Vault PKI. | Container environment variable |
| STOREWEB_HOST | A unique hostname for use with Management Center Store preview. If you are using DC/OS, this
is the internal DNS in DC/OS. For example,
store-wytryqaauth.cn.ibm.com. Note: If you have multiple stores
running on multiple domains, you can configure your domains to
redirect to STOREWEB_HOST to ensure that
preview works for all stores. |
Container environment variable |
| SPIUSER_NAME | Your SPIUSER name. The default value is spiuser. Note: From version 9.1.7.0 onward, the
SPIUSER_NAME parameter is optional.
If it is not specified, then the default value is
assumed. |
Container environment variable/Vault |
| SPIUSER_PWD | The encrypted password for the spiuser. For more information, see Setting the spiuser password in your Docker images. | Container environment variable/Vault |
| DBHOST | The database hostname. | Container environment variable/Vault |
| DBNAME | The name of the database. | Container environment variable/Vault |
| DBUSER | The database user name. | Container environment variable/Vault |
| DBPASS | The database user password. | Container environment variable/Vault |
| DBPORT | The database port. | Container environment variable/Vault |
| DBAUSER | The database administrator. | Container environment variable/Vault |
| DBAPASSENCRYPT | The database administrator password that is encrypted with wcs_encrypt.sh. | Container environment variable/Vault |
| DBPASSENCRYPT | The database user password that is encrypted with wcs_encrypt.sh. | Container environment variable/Vault |
| ELASTICSEARCH | Whether the Elasticsearch-based search solution is in use or not. Accepted values are:
|
Container environment variable/Vault |
 SESSION_KEY_ENCRYPT |
The encrypted session key. Note: This parameter was optional in all
releases prior to HCL Commerce
9.1.12.0. |
Container environment variable/Vault |
Optional parameters
These are optional parameters. You can pass these parameters as container environment variables, or you can store them in Vault. If you store the key-value pairs in Vault, the /SETUP/bin/vaultConfigure.sh script retrieves the values from Vault. All parameters that you specify as container environment variables take precedence over the values that are stored in Vault.
| Parameter name (key) | Value |
|---|---|
| DOMAIN_NAME | The internal service domain name. The default value is :
default.svc.cluster.local. If the deployed environment is on a special
namespace on Kubernetes, the domain name should be .svc.cluster.local. |
| EXTERNAL_DOMAIN_NAME | The external domain name specifies the store-web external domain name, which can be
recognized by your browser. For example, in the hostname store.demo4qaauth.hcl.com, hcl.com would be the external domain name. |
| DB_SSLENABLE | Determines whether to enable SSL protocol for connections to the database. Valid values
are true or false. The
default value is You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault. |
| DB_XA | Specify if the XA function has been enabled for database. Default value is false. You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault. |
| DBHOST_LIVE Note: If you need to point to a different live database, you need to specify all
of the related parameters. You can also specify datasource credentials through the start up command
if you do not want to retrieve the datasource values from Vault. |
The database hostname in the live environment. |
| DBNAME_LIVE | The name of the database in the live environment. |
| DBPASS_LIVE | The database user password in the live environment. |
| DBPORT_LIVE | The database port in the live environment. |
| DBUSER_LIVE | The database user name in the live environment. |
| DB_SSLENABLE_LIVE | Determines whether to enable SSL protocol for connections to the live database. Valid
values are true or false.
The default value is You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault. |
| DB_XA_LIVE | Specify if the XA function has been enabled for the live database. The default value is
false.You can also specify datasource credentials through the start up command if you do not want to retrieve the datasource values from Vault. |
| DBTYPE | The database type. Accepted values are:
|
| MERCHANTKEY_ENCRYPT | The encrypted merchant key value, encrypted with the key encryption key. The merchant key was
created when you or an administrator loaded the HCL Commerce database schema. For more information, see: Important: You must specify your own merchant key and key
encryption key values for the security of your HCL Commerce installation. Do not
use the default values contained within the provided sample configuration files and
documentation examples. |
 KEY_ENCRYPTION_KEY |
The plain text key that is used to encrypt the merchant key. The key encryption key is required to be 32 characters. |
| LOCALSTOREWEB | The web server host name of a local store if you migrated from WebSphere Commerce Version 7 or WebSphere Commerce Version 8. |
| HEALTH_CENTER_ENABLED | Determines whether Health Center is enabled. The default value is
|
| adminPassword | The password for user configadmin, which is used to access the WebSphere Application Server Administrative Console. |
| TRACE_SPEC | Set trace specifications. For more information about trace, see Trace components. |
| KAFKA_SERVERS Note: The KAFKA_SERVERS,
ZOOKEEPER_SERVERS, and KAFKA_TOPIC_PREFIX parameters must
be provided together. |
The Kafka server. Works with ZOOKEEPER_SERVERS if you want to configure the container to catch validation. |
| ZOOKEEPER_SERVERS | Works with KAFKA_SERVERS, if you want to configure the container to catch validation. |
| KAFKA_TOPIC_PREFIX | KAFKA_TOPIC_PREFIX is used to compose the queue name for the cache invalidation. |
| SESSION_KEY_ENCRYPT | The encrypted session key. Note: This parameter is
mandatory in all releases HCL Commerce 9.1.12.0 and
greater. |
| SEARCH_HOST | The Search server host name. This parameter value depends on which search service you are using, and the environment type. |
| SEARCH_PORT | The Search server port number. |
| SEARCH_SCHEME | The Search server scheme. The default
value is |
| SEARCH_REPEATER_HOST | The host name of the search repeater. Note: This parameter is only required for a live HCL Commerce environment with Solr-based search. |
| INGEST_HOST | The Ingest service hostname. Note: This
parameter is only required with the Elasticsearch-based search
solution. |
| INGEST_PORT | The Ingest service port number. Note: This
parameter is only required with the Elasticsearch-based search
solution. |
| INGEST_SCHEME | The Ingest service scheme. Note: This
parameter is only required with the Elasticsearch-based search
solution. |
| ELASTICSEARCH_HOST | The Elasticsearch service hostname. Note: This parameter is only
required with the Elasticsearch-based search
solution. |
| ELASTICSEARCH_PORT | The Elasticsearch service port number. Note: This parameter is only required with the Elasticsearch-based
search solution. |
| ELASTICSEARCH_SCHEME | The Elasticsearch service scheme. Note: This
parameter is only required with the Elasticsearch-based search
solution. |
| XC_HOST | The Customization server host name. |
| XC_PORT | The Customization server port number. |
| STORE_HOST | The Store server host name. |
| STORE_PORT | The Store server port number. |
| STOREWEB_HOST | The Store Web server host. |
| STOREWEB_PORT | The Store Web server port number. |
| REACT_STORE_HOST | The React-based store host name. Note: This
parameter is only required with the Elasticsearch-based search
solution. |
| REACT_STORE_PORT | The React-based store port number. Note: This parameter is only required with the Elasticsearch-based
search solution. |
| REACT_STORE_SERVICE_HOST | The React-based store service host name. Note: This parameter is only required with the
Elasticsearch-based search solution. |
| REACT_STORE_SERVICE_PORT | The React-based store service port number. Note: This parameter is only required with the
Elasticsearch-based search solution. |
| JVM_CONTAINER_SUPPORT | An experimental parameter to enable JVM container support by removing the default JVM heapsize and adding the JVM parameter -XX:+UseContainerSupport. |
| JWKS | The Commerce tooling SPA uses JWT for API authentication.
Update this value to set the JWKS and keyID in order to sign and validate the JWT. The JWKS can be generated by the generateJWKS utility. |
| TOOLING_BASE_URL | This value is used by Management Center for HCL Commerce to load the Tooling SPA from the Tooling web server. |
| REDIS_PASSWORD_ENCRYPT | The Redis server password. |
| EXPOSE_METRICS | Specify if you want to enable metrics for the commerce environment. |
| DX_HOST | The HCL Digital Experience (DX) host name. This is required
to integrate HCL Commerce with DX. Note: This integration is only supported on a
Kubernetes deployment. |
| DX_PORT | The HCL Digital Experience (DX) port number. The default
value is set to |
| DX_SCHEME | The HCL Digital Experience (DX) scheme. The default value
is set to |
| LDAP_BIND_PASSWD |
The LDAP bind password XOR encoded by the WebSphere Application Server
PropFilePasswordEncoder utility. For more information on the PropFilePasswordEncoder utility, see PropFilePasswordEncoder command reference in the WebSphere Application Server documentation. |
| LDAP_TYPE |
The LDAP server type. Accepted values are:
|
| LDAP_HOST |
The fully qualified LDAP server host name. |
| LDAP_PORT |
The LDAP server port number. |
| LDAP_SSL |
Specify whether the LDAP server requires an SSL
connection. Accepted values are:
|
| LDAP_BIND_DN |
The LDAP bind distinguished name (DN). The value must be in lower case. |
| LDAP_LOGIN_PROP |
The LDAP property names that are used to log into the application server. |
| LDAP_BASE_DN |
The LDAP search base distinguished name (DN). The value must be in lower case. |
| LDAP_REALM_NAME |
Specify a value for the Realm name, instead of using the default
value. The default value is Note: If you are integrating with HCL Digital Experience, you must use the same Realm name for
both. |
| LDAP_USER_FILTER |
The LDAP user search filter. Only used for the custom LDAP type. |
| LDAP_USER_PREFIX |
The LDAP user prefix. |
 mqEnable |
Specify whether to enable IBM MQ integration. Accepted values
are:
|
| mqEnableActivitySessionTimoutPeriod |
The session timeout value. |
| mqMaxConnection |
The maximum number of connections allowed with IBM MQ. |
| mqHost |
The hostname of the IBM MQ server. |
| mqPort |
The port number of the IBM MQ server. |
| mqQueueManagerName |
The IBM MQ Queue Manager used by HCL Commerce to connect to the IBM MQ server. |
| mqErrorQueueName |
The IBM MQ Error Queue Name. |
| mqInboundQueueName |
The IBM MQ Queue Name. |
| mqSerialInboundQueueName |
The IBM MQ Queue Name to process messages in series. |
| mqParallelInboundQueueName |
The IBM MQ Queue Name to process messages in parallel. |
| mqOutboundQueueName |
The IBM MQ Outbound Queue Name. |